Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Fuel CMS | Fuel CMS

CVE-2020-17463

Fuel CMS SQL Injection Vulnerability: FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items.

Related CWE: CWE-89

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-12-10
Due Date: 2022-06-10

Additional Notes

Pi-hole | AdminLTE

CVE-2020-8816

Pi-Hole AdminLTE Remote Code Execution Vulnerability: Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-12-10
Due Date: 2022-06-10

Additional Notes

MongoDB | mongo-express

CVE-2019-10758

MongoDB mongo-express Remote Code Execution Vulnerability: mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the `toBSON` method.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-12-10
Due Date: 2022-06-10

Additional Notes

Apache | Log4j2

CVE-2021-44228

Apache Log4j2 Remote Code Execution Vulnerability: Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution.

Related CWEs: CWE-20| CWE-400| CWE-502

Known To Be Used in Ransomware Campaigns? Known

Action: For all affected software assets for which updates exist, the only acceptable remediation actions are: 1) Apply updates; OR 2) remove affected assets from agency networks. Temporary mitigations using one of the measures provided at https://www.cisa.gov/uscert/ed-22-02-apache-log4j-recommended-mitigation-measures are only acceptable until updates are available.

Date Added: 2021-12-10
Due Date: 2021-12-24

Additional Notes

Qualcomm | Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

CVE-2020-11261

Qualcomm Multiple Chipsets Improper Input Validation Vulnerability: Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-12-01
Due Date: 2022-06-01

Additional Notes

MikroTik | RouterOS

CVE-2018-14847

MikroTik Router OS Directory Traversal Vulnerability: MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.

Related CWE: CWE-22

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-12-01
Due Date: 2022-06-01

Additional Notes

Zoho | ManageEngine ServiceDesk Plus (SDP)

CVE-2021-37415

Zoho ManageEngine ServiceDesk Authentication Bypass Vulnerability: Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication

Related CWE: CWE-306

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-12-01
Due Date: 2021-12-15

Additional Notes

Apache | Apache

CVE-2021-40438

Apache HTTP Server-Side Request Forgery (SSRF): A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.

Related CWE: CWE-918

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-12-01
Due Date: 2021-12-15

Additional Notes

Zoho | ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus

CVE-2021-44077

Zoho ManageEngine ServiceDesk Plus Remote Code Execution Vulnerability: Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution

Related CWE: CWE-306

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-12-01
Due Date: 2021-12-15

Additional Notes

Perl | Exiftool

CVE-2021-22204

ExifTool Remote Code Execution Vulnerability: Improper neutralization of user data in the DjVu file format in Exiftool versions 7.44 and up allows arbitrary code execution when parsing the malicious image

Related CWE: CWE-95

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-17
Due Date: 2021-12-01

Additional Notes

Microsoft | Windows

CVE-2021-40449

Microsoft Windows Win32k Privilege Escalation Vulnerability: Unspecified vulnerability allows for an authenticated user to escalate privileges.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2021-11-17
Due Date: 2021-12-01

Additional Notes

Microsoft | Exchange

CVE-2021-42321

Microsoft Exchange Server Remote Code Execution Vulnerability: An authenticated attacker could leverage improper validation in cmdlet arguments within Microsoft Exchange and perform remote code execution.

Related CWEs: CWE-184| CWE-502

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2021-11-17
Due Date: 2021-12-01

Additional Notes

Microsoft | Office

CVE-2021-42292

Microsoft Excel Security Feature Bypass: A security feature bypass vulnerability in Microsoft Excel would allow a local user to perform arbitrary code execution.

Related CWE: CWE-357

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-17
Due Date: 2021-12-01

Additional Notes

Accellion | FTA

CVE-2021-27104

Accellion FTA OS Command Injection Vulnerability: Accellion FTA contains an OS command injection vulnerability exploited via a crafted POST request to various admin endpoints.

Related CWEs: CWE-20| CWE-78

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2021-11-17

Additional Notes

Accellion | FTA

CVE-2021-27102

Accellion FTA OS Command Injection Vulnerability: Accellion FTA contains an OS command injection vulnerability exploited via a local web service call.

Related CWEs: CWE-20| CWE-78

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2021-11-17

Additional Notes

Accellion | FTA

CVE-2021-27101

Accellion FTA SQL Injection Vulnerability: Accellion FTA contains a SQL injection vulnerability exploited via a crafted host header in a request to document_root.html.

Related CWEs: CWE-89| CWE-138

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2021-11-17

Additional Notes

Accellion | FTA

CVE-2021-27103

Accellion FTA Server-Side Request Forgery (SSRF) Vulnerability: Accellion FTA contains a server-side request forgery (SSRF) vulnerability exploited via a crafted POST request to wmProgressstat.html.

Related CWE: CWE-918

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2021-11-17

Additional Notes

Adobe | Acrobat and Reader

CVE-2021-21017

Adobe Acrobat and Reader Heap-based Buffer Overflow Vulnerability: Acrobat Acrobat and Reader contain a heap-based buffer overflow vulnerability that could allow an unauthenticated attacker to achieve code execution in the context of the current user.

Related CWE: CWE-122

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2021-11-17

Additional Notes

Adobe | Acrobat and Reader

CVE-2021-28550

Adobe Acrobat and Reader Use-After-Free Vulnerability: Adobe Acrobat and Reader contains a use-after-free vulnerability that could allow an unauthenticated attacker to achieve code execution in the context of the current user.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2021-11-17

Additional Notes

Adobe | ColdFusion

CVE-2018-4939

Adobe ColdFusion Deserialization of Untrusted Data Vulnerability: Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could allow for code execution.

Related CWE: CWE-502

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Known Exploited Vulnerabilities Catalog

Subscribe to the KEV Catalog Updates